Jump to content

Emby behind a reverse proxy, remote control issue.


Azor
Go to solution Solved by Karbowiak,

Recommended Posts

Here is my setup :

 

I have my Emby server running inside an OpenVZ container with a local IP adress.

Local Ip : 192.168.1.1

Public IP : 37.37.37.37

 

My Emby server can be accessed by two different ways :

- Accessing http://37.37.37.37:8096/web/index.html

- Accessing http://emby.mydomain.com/, which reverse proxy to http://192.168.1.1:8096

 

Both options works great, the second being "better" from my point of view as I can have a friendlier url.

 

However, if I connect to Emby using the reverse proxy, I can't access the remote control from any other Emby client (being web, android, etc ...)

 

Is it an issue with my configuration, or an Emby bug ?

Link to comment
Share on other sites

Which proxy do you use?

I have noticed the same issue with my nginx reverse proxy. Can you post your proxy config?

Link to comment
Share on other sites

Which proxy do you use?

I have noticed the same issue with my nginx reverse proxy. Can you post your proxy config?

Nginx aswell, here is my config :

 

/etc/nginx/sites-enabled/emby

server {
listen 80;
server_name emby.domain;
location / {
include proxy.conf;
proxy_pass http://192.168.1.9:8096;
}
}

/etc/nginx/proxy.conf

proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400; 
Link to comment
Share on other sites

Azor

Anyone got an idea on this ?

 

This isn't a really urgent bug, but using a shortened url would definitely help !

Link to comment
Share on other sites

  • Solution
Karbowiak

This is what i use, redirects from http to https, and passes all traffic to the Emby instance, including websocket traffic.

server {
        server_name mydomain;
        listen 80;

        rewrite ^ https://mydomain$request_uri? permanent;
}

server {
        server_name mydomain;
        listen 443 ssl spdy;

        ssl_certificate                 ;
        ssl_certificate_key             ;
        ssl_prefer_server_ciphers       On;
        ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     'AES256+EECDH:AES256+EDH:!aNULL';
        ssl_stapling                    on;
        resolver                        8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout                5s;
        ssl_stapling_verify             on;
        ssl_trusted_certificate         /etc/ssl/ca-certs.pem;
        keepalive_timeout               180;

        # This is for strict transport security HSTS
        # add_header                    Strict-Transport-Security max-age=31536000;

        client_max_body_size 1024M;

        location / {
                # Send traffic to the backend
                proxy_pass http://127.0.0.1:8096;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $remote_addr;
                proxy_set_header X-Forwarded-Protocol $scheme;
                proxy_redirect off;

                # Send websocket data to the backend aswell
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

  • Like 2
Link to comment
Share on other sites

  • 2 months later...
Cerothen

I have been fighting with this for about a week now and I cannot seem to get the websockets to work. I tried pasting even the exact config in in the answer above and have had no luck at all. My Nginx version is 1.8.0 running on Debian 7.

 

Any thoughts how I might be able to get this to work?

Link to comment
Share on other sites

Just to add my two cents, I'm using Apache as a SSL reverse proxy for Emby and it works fine.

Also the configuration looks much more simpler.

In case anyone is interested, mine looks like this (I'm using a virtual host since I have other SSL sites behind the same proxy):

<VirtualHost *:443>

    ServerName      emby.somedomain.com

    ProxyRequests   Off

<Proxy *>
    Order   deny,allow
    Allow   from    all
</Proxy>

    ProxyPass               /    http://<emby_internal_ip>:8096/
    ProxyPassReverse        /    http://<emby_internal_ip>:8096/

    SSLEngine               On
    SSLCertificateFile      <path_to_SSL_cert>
    SSLCertificateKeyFile   <path_to_SSL_private_key>

</VirtualHost>

This is the shorter version since I'm also authenticating users against Active Directory before they can reach Emby login page for added security. :)

 

Hope it helps to anyone else wanting to try Apache as a reverse proxy for Emby.

Link to comment
Share on other sites

Cerothen

I have the proxy working however I cant seem to have nginx upgrade the connection to allow the websocket to be passed through. from what I have read its been available since nginx 1.4 so I should be in the clear however it doesnt seem to be functioning as expected.

Link to comment
Share on other sites

rubenverhoef

 

This is what i use, redirects from http to https, and passes all traffic to the Emby instance, including websocket traffic.

server {
        server_name mydomain;
        listen 80;

        rewrite ^ https://mydomain$request_uri? permanent;
}

server {
        server_name mydomain;
        listen 443 ssl spdy;

        ssl_certificate                 ;
        ssl_certificate_key             ;
        ssl_prefer_server_ciphers       On;
        ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     'AES256+EECDH:AES256+EDH:!aNULL';
        ssl_stapling                    on;
        resolver                        8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout                5s;
        ssl_stapling_verify             on;
        ssl_trusted_certificate         /etc/ssl/ca-certs.pem;
        keepalive_timeout               180;

        # This is for strict transport security HSTS
        # add_header                    Strict-Transport-Security max-age=31536000;

        client_max_body_size 1024M;

        location / {
                # Send traffic to the backend
                proxy_pass http://127.0.0.1:8096;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $remote_addr;
                proxy_set_header X-Forwarded-Protocol $scheme;
                proxy_redirect off;

                # Send websocket data to the backend aswell
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

 

It works, but not great.

When i delete the watched status i get this error in chrome debug console:

 

 
I think there are more problems, i will check it. and ofcourse look into it myself but some help is always fine :)
Link to comment
Share on other sites

I have the proxy working however I cant seem to have nginx upgrade the connection to allow the websocket to be passed through. from what I have read its been available since nginx 1.4 so I should be in the clear however it doesnt seem to be functioning as expected.

Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box.

 

 

Sent from my iPad using Tapatalk

Link to comment
Share on other sites

rubenverhoef

Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box.

 

 

Sent from my iPad using Tapatalk

 

well, my server and alle the applications runs on nginx, and i love the performance of nginx. Switching to apache is not the ideal sollution. 

Link to comment
Share on other sites

rubenverhoef

Ok. I thought about sharing my setup since I'm not having any issue so far with Apache as reverse proxy and websocket is just working out of the box.

 

 

Sent from my iPad using Tapatalk

Well, i have managed to switched to Apache because nginx websocket reverse proxy didn't work so well for more applications.

But how do you manage Emby Connect? it doesn't work.

Link to comment
Share on other sites

To be honest I don't use it but more important I don't know how it really works (again because I just don't use it).

If I can get a good explanation of how it works and the flows I may be able to help a little bit more.

 

Thanks


Sent from my iPhone using Tapatalk

Edited by fc7
Link to comment
Share on other sites

rubenverhoef

To be honest I don't use it but more important I don't know how it really works (again because I just don't use it).

If I can get a good explanation of how it works and the flows I may be able to help a little bit more.

 

Thanks

 

 

Sent from my iPhone using Tapatalk

 

when i use your apache config it works but on every page i get in firefox console:

could not connect to wss://www.thuisverhoef.nl/emby?api_key=f33e33e3533947238e95701ada9efbea&deviceId=22b67452d654ab4bc01c40452e14574abe9d72a3.

 

any idea?

 

   <Proxy *>

       Order   deny,allow

       deny    from    all

       Allow   from    all

   </Proxy>

   ProxyPass               /emby    http://192.168.0.3:8096/emby

   ProxyPassReverse        /emby    http://192.168.0.3:8096/emby

 

Link to comment
Share on other sites

Maybe you can try adding a location configuration. So to the configuration that I shared above will now look like this:

<VirtualHost *:443>

ServerName      emby.somedomain.com

ProxyRequests   Off

<Proxy *>
    Order   deny,allow
    Allow   from    all
</Proxy>

<Location />
    ProxyPass        http://<emby_internal_ip>:8096/
    ProxyPassReverse http://<emby_internal_ip>:8096/
</Location>

<Location /emby>
    ProxyPass        ws://<emby_internal_ip>:8096/emby
    ProxyPassReverse ws://<emby_internal_ip>:8096/emby
</Location>

SSLEngine On
SSLCertificateFile      <path_to_SSL_cert>
SSLCertificateKeyFile   <path_to_SSL_private_key>

</VirtualHost>

The you should restart Apache, to be on the safe side.

Let me know if it worked.

 

EDIT: small change in the configuration file.

Edited by fc7
Link to comment
Share on other sites

rubenverhoef

Maybe you can try adding a location configuration. So to the configuration that I shared above will now look like this:

<VirtualHost *:443>

ServerName      emby.somedomain.com

ProxyRequests   Off

<Proxy *>
    Order   deny,allow
    Allow   from    all
</Proxy>

<Location />
    ProxyPass / http://<emby_internal_ip>:8096/
    ProxyPassReverse / http://<emby_internal_ip>:8096/
</Location>

<Location /emby>
    ProxyPass ws://<emby_internal_ip>:8096/emby
    ProxyPassReverse ws://<emby_internal_ip>:8096/emby
</Location>

SSLEngine On
SSLCertificateFile      <path_to_SSL_cert>
SSLCertificateKeyFile   <path_to_SSL_private_key>

</VirtualHost>

The you should restart Apache, to be on the safe side.

Let me know if it worked.

 

ProxyPass / http://<emby_internal_ip>:8096/

ProxyPassReverse / http://<emby_internal_ip>:8096/

 

has to be:

ProxyPass http://<emby_internal_ip>:8096/

ProxyPassReverse http://<emby_internal_ip>:8096/

i think

 

but it is not helping. same error

Link to comment
Share on other sites

ProxyPass / http://<emby_internal_ip>:8096/

ProxyPassReverse / http://<emby_internal_ip>:8096/

 

has to be:

ProxyPass http://<emby_internal_ip>:8096/

ProxyPassReverse http://<emby_internal_ip>:8096/

i think

 

but it is not helping. same error

 

Indeed I changed it a few minutes ago.

So that didn't work either? Weird.... is working for me with another application but maybe the application behaves different than Emby.

 

You see this error when trying to play video?

Link to comment
Share on other sites

Are you doing SSL termination with Apache?

 

I mean, is this your setup?

<Internet> -- SSL --> <Apache Proxy> -- PLAIN HTTP --> <Emby>

Link to comment
Share on other sites

rubenverhoef

the error is only in the console of chrome or firefox. everything works "fine". the error comes in the console every time i change from screen (like i click on a movie) there is no error when playing a video.

 

and yes see:


<VirtualHost _default_:443>
   ServerName www.thuisverhoef.nl
   ProxyRequests   Off

   <Proxy *>
       Order   deny,allow
       deny    from    all
       Allow   from    all
   </Proxy>

   ProxyPass               /emby    http://192.168.0.3:8096/emby
   ProxyPassReverse        /emby    http://192.168.0.3:8096/emby

   Redirect permanent /mediabrowser https://www.thuisverhoef.nl/emby

   SSLEngine               On
   SSLCertificateFile      "/etc/certificates/www.thuisverhoef.nl_bundle.crt"
   SSLCertificateKeyFile   "/etc/certificates/www.thuisverhoef.nl_bundle.key"

</VirtualHost>

the config with location didn't work either

 

without the proxypass emby locations the error is also present in chrome/firefox console

 

NOTE: the error is not present when i go to the local emby ip:port

Edited by rubenverhoef
Link to comment
Share on other sites

This may seem obvious, but did you check that you are loading the Proxy Websocket module in Apache configuration (mod_proxy_wstunnel.so)?

Link to comment
Share on other sites

rubenverhoef

This may seem obvious, but did you check that you are loading the Proxy Websocket module in Apache configuration (mod_proxy_wstunnel.so)?

yes i load :proxy_wstunnel_module, proxy_module and proxy_http_module

Link to comment
Share on other sites

the error is only in the console of chrome or firefox. everything works "fine". the error comes in the console every time i change from screen (like i click on a movie) there is no error when playing a video.

 

and yes see:


<VirtualHost _default_:443>
   ServerName www.thuisverhoef.nl
   ProxyRequests   Off

   <Proxy *>
       Order   deny,allow
       deny    from    all
       Allow   from    all
   </Proxy>

   ProxyPass               /emby    http://192.168.0.3:8096/emby
   ProxyPassReverse        /emby    http://192.168.0.3:8096/emby

   Redirect permanent /mediabrowser https://www.thuisverhoef.nl/emby

   SSLEngine               On
   SSLCertificateFile      "/etc/certificates/www.thuisverhoef.nl_bundle.crt"
   SSLCertificateKeyFile   "/etc/certificates/www.thuisverhoef.nl_bundle.key"

</VirtualHost>

the config with location didn't work either

 

without the proxypass emby locations the error is also present in chrome/firefox console

 

NOTE: the error is not present when i go to the local emby ip:port

 

I would suggest two things.

 

1- Make sure that you have the mod_proxy_wstunnel.so module configured and loading in Apache.

2- Review the configuration since what you are pasting here is not correct. You need to use the "Location" configuration and also check that you are using the correct URL for /emby location. That will be ws:// and not http:// as I read in your post. You can use my previous posted configuration as an example (please check it again since I edited it like twice and you maybe wrinting a post and didn't notice the changes :))

Link to comment
Share on other sites

yes i load :proxy_wstunnel_module, proxy_module and proxy_http_module

 

Ok that's great.

So please now, try the configuration I posted and edited in my previous post. Pay attention to the /emby location and the protocol configuration of the Proxypass directive since it must be ws:// and not http://

 

Let me know how it goes.

 

EDIT: by the way, which version of Apache and on which distro are you running your proxy?

Edited by fc7
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...